c261120ae6b18e917cff8f43cbc61f27047653a993732c55a415de0ad5498ee5 | Triage

Sharing

General

Target

260655e5979ca5856987b83e55ef421c
Size

232KB
Sample

231225-rxv9pscbb8
MD5

260655e5979ca5856987b83e55ef421c
SHA1

6815228fdfe6825270d05009b5da2fab65897c66
SHA256

c261120ae6b18e917cff8f43cbc61f27047653a993732c55a415de0ad5498ee5
SHA512

00deccb0f5dcd6129d84c194c0976a2b8e225fb69eff5479c2384f6168d25c04231d6db9717e8b01f3d9d80ded02172152c501ea28be4fa879b7b32b15d01bd8
SSDEEP

3072:1Dur+4Qo9ooxejwBcQ3PnFGeFtJZLVagt7q6PD7P59wE2bps:1Dur+4Qo9o8ejwB7FGJufEn

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  260655e5979ca5856987b83e55ef421c
- Size
  
  232KB
- MD5
  
  260655e5979ca5856987b83e55ef421c
- SHA1
  
  6815228fdfe6825270d05009b5da2fab65897c66
- SHA256
  
  c261120ae6b18e917cff8f43cbc61f27047653a993732c55a415de0ad5498ee5
- SHA512
  
  00deccb0f5dcd6129d84c194c0976a2b8e225fb69eff5479c2384f6168d25c04231d6db9717e8b01f3d9d80ded02172152c501ea28be4fa879b7b32b15d01bd8
- SSDEEP
  
  3072:1Dur+4Qo9ooxejwBcQ3PnFGeFtJZLVagt7q6PD7P59wE2bps:1Dur+4Qo9o8ejwB7FGJufEn
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence